Parcourir la source
feat(zone.xml): allow to rate limit 'accept' in rich rules
The current rich_rule macro is supporting to set if the connection should be accepted or rejected or dropped but doesn't support setting rate limiting in the 'accept' case. Add code for that. Signed-off-by: Arnaud Patard <apatard@hupstream.com>tags/v1.2.0
Arnaud Patard
il y a 3 ans
2 fichiers modifiés avec 4 ajouts et 4 suppressions
+ 1
- 1
firewalld/files/zone.xml
Voir le fichier
| @@ -60,7 +60,7 @@ | |||
| <audit>{%- if 'limit' in rule.audit %} <limit value="{{ rule.audit.limit }}"/>{%- endif %}</audit> | |||
| {%- endif %} | |||
| {%- if 'accept' in rule %} | |||
| <accept/> | |||
| <accept>{%- if rule.accept is mapping and 'limit' in rule.accept %} <limit value="{{ rule.accept.limit }}"/>{%- endif %}</accept> | |||
| {%- endif %} | |||
| {%- if 'reject' in rule %} | |||
| <reject{%- if 'type' in rule.reject %} type="{{ rule.reject.type }}"{%- endif %} /> | |||
+ 3
- 3
test/integration/default/controls/zones_spec.rb
Voir le fichier
| @@ -31,7 +31,7 @@ control 'zones/public.xml configuration' do | |||
| <source-port port="4444" protocol="tcp" /> | |||
| <rule family="ipv4"> | |||
| <source address="8.8.8.8/24" /> | |||
| <accept/> | |||
| <accept></accept> | |||
| </rule> | |||
| <rule family="ipv4"> | |||
| <source ipset="fail2ban-ssh" /> | |||
| @@ -59,12 +59,12 @@ control 'zones/rich_public.xml configuration' do | |||
| <rule> | |||
| <source ipset="fail2ban-ssh" /> | |||
| <service name="ssh" /> | |||
| <accept/> | |||
| <accept></accept> | |||
| </rule> | |||
| <rule> | |||
| <source ipset="other-ipset" /> | |||
| <service name="ssh" /> | |||
| <accept/> | |||
| <accept></accept> | |||
| </rule> | |||
| </zone> | |||
| ZONE_XML | |||
Chargement…